<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: download.php 170 2013-09-22 07:54:45Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 170 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-22 07:54:45 +0000 (Sun, 22 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

include ('includes/application_top.php');

require_once (DIR_FS_INC.'inc.random_name.php');
require_once (DIR_FS_INC.'inc.unlink_temp_dir.php');

if (!isset($_SESSION['customer_id']))
	die;

if ((isset($_GET['order']) && !is_numeric($_GET['order'])) || (isset ($_GET['id']) && !is_numeric($_GET['id'])))
	die;

$downloads = $db->db_query("SELECT 
								DATE_FORMAT(o.date_purchased, '%Y-%m-%d') AS date_purchased_day, 
								opd.download_maxdays, 
								opd.download_count, 
								opd.download_maxdays, 
								opd.orders_products_filename 
							FROM 
								".TABLE_ORDERS." o, 
								".TABLE_ORDERS_PRODUCTS." op, 
								".TABLE_ORDERS_PRODUCTS_DOWNLOAD." opd 
							WHERE 
								o.customers_id = '".$_SESSION['customer_id']."' 
							AND 
								o.orders_id = '".(int) $_GET['order']."' 
							AND 
								o.orders_id = op.orders_id 
							AND 
								op.orders_products_id = opd.orders_products_id 
							AND 
								opd.orders_products_download_id = '".(int) $_GET['id']."' 
							AND 
								opd.orders_products_filename != ''");

if($downloads->_numOfRows) {
	list ($dt_year, $dt_month, $dt_day) = explode('-', $downloads->fields['date_purchased_day']);
	$download_timestamp = mktime(23, 59, 59, $dt_month, $dt_day + $downloads->fields['download_maxdays'], $dt_year);
	
	if (($downloads->fields['download_maxdays'] != 0) && ($download_timestamp <= time()))
		die;
		
	if ($downloads->fields['download_count'] <= 0)
		die;
		
	if (!file_exists(DIR_FS_DOWNLOAD.$downloads->fields['orders_products_filename']))
		die;
	
	$db->db_query("	UPDATE 
						".TABLE_ORDERS_PRODUCTS_DOWNLOAD." 
					SET 
						download_count = download_count-1, 
						download_ip = '".$_SERVER['REMOTE_ADDR']."', 
						download_time = NOW() 
					WHERE 
						orders_products_download_id = '".(int) $_GET['id']."'");
	
	header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
	header("Last-Modified: ".gmdate("D,d M Y H:i:s")." GMT");
	header("Cache-Control: no-cache, must-revalidate");
	header("Pragma: no-cache");
	header("Content-Type: Application/octet-stream");
	header("Content-Length: ".filesize(DIR_FS_DOWNLOAD.$downloads->fields['orders_products_filename']));
	header("Content-disposition: attachment; filename=\"".$downloads->fields['orders_products_filename']."\"");
	
	if (DOWNLOAD_BY_REDIRECT == 'true') {
		unlink_temp_dir(DIR_FS_DOWNLOAD_PUBLIC);
		$tempdir = random_name();
		umask(0000);
		mkdir(DIR_FS_DOWNLOAD_PUBLIC.$tempdir, 0777);
		symlink(DIR_FS_DOWNLOAD.$downloads->fields['orders_products_filename'], DIR_FS_DOWNLOAD_PUBLIC.$tempdir.'/'.$downloads->fields['orders_products_filename']);
		redirect(DIR_WS_DOWNLOAD_PUBLIC.$tempdir.'/'.$downloads->fields['orders_products_filename']);
	} else
		readfile(DIR_FS_DOWNLOAD.$downloads->fields['orders_products_filename']);
}
?>